package controller;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import model.UserGroup;

import core.CurrentUser;
import core.PgSQL;
import core.Tool;
import core.View;

public class DeletePaper extends HttpServlet {
	private static final long serialVersionUID = 1L;
	private static PgSQL db = PgSQL.getInstance();
	
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		CurrentUser user = new CurrentUser(request);
		if(!user.getGroup().hasPermission(UserGroup.DELETE_PAPER)){
			View.showMessage(request, response, "You have no permission to delete any paper.", "back");
			return;
		}
		
		int pid = Tool.intval(request.getParameter("pid"));
		if(pid <= 0){
			View.showMessage(request, response, "Illegal Operation", null);
			return;
		}
		
		if(request.getParameter("confirm") == null){
			View.showMessage(request, response, "Are you sure you want to delete this question?", "confirm");
			return;
		}
		
		db.update("DELETE FROM qz_papercontent WHERE pid=" + pid);
		db.update("DELETE FROM qz_paper WHERE pid=" + pid);
		View.showMessage(request, response, "Deletion succeeded!", "PaperList");
	}
}
